init

README.md

@@ -1,2 +1,29 @@
-# ADD-PreReqs
-Attack Detect Defend Course Pre-Requisites
+# Attack Detect Defend 
+
+![Add1](images/add1.png)
+
+## Course Pre-Requisites
+
+The following pre-requisites are required before the first day of class.
+
+* GitHub (Free or Upgraded) Account [ [Instructions](labs/GitHub.md) ]
+* Azure "Upgraded" (Pay-As-You-Go) Account. [ [Instructions](labs/AzureAccount.md) ]
+* Deployment of DOAZLab.com in their  Azure Subscription [ [Instructions](labs/DOAZLab.md) ]
+
+![][Div1]
+
+Copyright - All Rights Reserved, Defensive Origins LLC
+
+
+
+  [Div1]: images/div1.png
+  [Div2]: images/div2.png
+  [DO]: https://www.defensiveorigins.com
+  [DOAZLab]: https://www.doazlab.com
+  [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
+  [DOTraining]: https://training.defensiveorigins.com
+  [DORegister]: https://defensiveorigins.com/first-to-know/
+  [DOAboutUs]: https://defensiveorigins.com/about-us
+  [WWHF]: https://wildwesthackinfest.com/
+  [1]: https://defensiveorigins.com/
+  [DOImage]:Z-images/do_darkbackground.jpg

labs/AzureAccount.md

@@ -0,0 +1,128 @@
+# ADD Pre-Requisite : Azure Account (Upgraded)
+
+Students are required to have an upgraded Azure account.  
+
+## Important notes:
+* It is not possible to operate the course lab on an Azure account that has not been upgraded.
+* A valid credit card is required to upgrade an Azure free-tier account to a paid account.
+* Creating an Azure account is free.
+* Azure components operated in the course cost approximately USD $10/day
+
+## Azure account
+There are three options for using an Azure account for the Defensive Origins Attack Detect Defend Lab:
+* Create a new Azure Account
+* Use an existing Azure Account (and upgrade if necessary)
+* Use a corporate Azure Account. 
+
+Generally speaking, we recommend using option 1 unless your organization offers to pay for the lab portions of this course on an existing enterprise Azure account.  If you are already familiar with Azure and have an existing account and Pay-As-You-Go subscription, you may use your existing account.
+
+**Option 1: New Pay-As-You-Go Azure Account**
+<blockquote>
+
+<Details><summary> <b>Step 1: Create Azure Account</b></summary>
+
+Go to https://azure.microsoft.com/en-us/free/ and click on "Pay as you go"
+
+| ![](../images/az1.png) | 
+|------------|
+
+Next, click on "Get Started"
+
+| ![](../images/az2.png) |
+|------------|
+
+You will next be required to login with a Microsoft Online account.  If you do not already have one, click on "Create Account", otherwise login with our Microsoft Account.  
+
+| ![](../images/az3.png) |
+|------------|
+
+After Logging in, you will need to enter your contact information. 
+
+| ![](../images/az4.png) |
+|------------|
+
+After validating identity with either a TXT or phone all, press NEXT and enter Paying Information.
+
+| ![](../images/az5.png) |
+|------------|
+
+After entering Billing Information, select a technical support plan.  Generally speaking, we suggest "No technical support.
+
+| ![](../images/az6.png) |
+|------------|
+
+Pressing "Sign up" will finish the registration process.
+
+After the process is completed, the screen will refresh and you will be provided a link to "Go To the Azure portal".  This can also be accomplished by accessing https://portal.azure.com. 
+
+| ![](../images/az7.png) |
+|------------|
+
+</details>
+
+<Details>
+  <summary> <b>Step 2: Confirm Subscription</b></summary>
+
+Continuing from the previous step, click on "Go To the Azure Portal" or goto https://portal.azure.com.
+
+From the Azure Portal, click on "Microsoft Azure" in the upper left corner, then select "Subscriptions"
+
+| ![](../images/az8.png) |
+|------------|
+
+You should only see one subscription.  Click on the name of the subscription.
+
+| ![](../images/az9.png) |
+|------------|
+
+This will show a new pane in the portal.  Ensure that the "Plan" associated with the Subscription does not say "Free"
+
+| ![](../images/az10.png) |
+|------------|
+
+You are ready to move on to the next step of the pre-requisites: Deploying the lab environment.
+
+</details>
+
+</blockquote>
+
+**Option 2: Update an Existing Azure account**
+<blockquote>
+If you have an existing Azure Account, it may be used so long as it is upgraded to a "Pay-As-You-Go" account.  If it has not been upgraded, from the Azure portal search "Subscriptions" and open the Subscriptions pane.  Then open the details for your existing subscription.  On the subscription you would like to use, press the option to "Upgrade to keep going with your account". 
+
+| ![](../images/azc-1.png) |
+|--------------------------|
+
+This will kickoff the process similar to the billing components of Step 1 in Option.
+</blockquote>
+
+
+**Option 3: Existing Azure Corporate Account**
+<blockquote>
+If your organization already operated a corporate Azure account, you may required access to deploy the lab environment within your corporate Azure subscriptions.
+Request access to a corporate (your company, business, from your IT operations department, help desk, CIO, CISO, CTO) subscription for this class. The subscription will require the following:
+
+* Three virtual machines, 2 CPUs each, 3.5 GB RAM each
+* Three public IPs
+* AZ Sentinel
+* Log Analytics
+
+</blockquote>
+
+
+![div2]
+
+Copyright - All Rights Reserved, Defensive Origins LLC
+
+  [Div1]: ../images/div1.png
+  [Div2]: ../images/div2.png
+  [DO]: https://www.defensiveorigins.com
+  [DOAZLab]: https://www.doazlab.com
+  [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
+  [DOTraining]: https://training.defensiveorigins.com
+  [DORegister]: https://defensiveorigins.com/first-to-know/
+  [DOAboutUs]: https://defensiveorigins.com/about-us
+  [WWHF]: https://wildwesthackinfest.com/
+  [1]: https://defensiveorigins.com/
+  [2]: https://wildwesthackinfest.com/training/
+  [DOImage]:Z-images/do_darkbackground.jpg

labs/DOAZLab.md

@@ -0,0 +1,150 @@
+# Pre-Requisite : Deploy course Lab Environment (DOAZLab.com)
+
+![][Div2]
+
+Students are required to deploy the DOAZLab in their azure subscription.
+
+## Important Information
+* An "upgraded" or "Pay-as-you-go" Azure account is required to deploy the lab environment.  See other pre-requisite instruction if you do not yet have an Azure account.
+* The cost of the lab environment is approximately $10/day.
+* Remember after the end of class delete your lab environment to ensure you have no unexpected fees from Azure.
+* The VM size selection will default to B2s, A2,or A2_V2 depending on region selection and availability.  Generally B2s is least expensive if available. Any of these options are acceptable for the lab environment.
+
+## Deploy Defensive Origins Azure Lab (DOAZLab)
+
+<Details><summary> <b> Step 1: Kickoff Deployment</b></summary>
+<blockquote>
+
+Deploy the Defensive Origins AZLab from doazlab.com:
+* https://www.doazlab.com
+
+[DOAZLab][DOAZLab]
+
+| ![](../images/prls2-1.jpg) |
+|----------------------------|
+
+Or, you can view the operations in more detail on GitHub:
+[DOAZLab-Github][DOAZLab-Github]
+
+| ![](../images/prls2-2a.jpg) |
+|----------------------------|
+
+
+And, deploy via the README with one click!! 
+
+**Be sure you are in a browser session you are either comfortable authenticating to Azure or you already have an authenticated session.**
+
+| ![](../images/prls2-2b.jpg) |
+|----------------------------|
+
+Next up you will choose your subscription, resource group, and log analytics workspace. For easy deployments and cleanup, a general recommendation is to create a new resource group and log analytics workspace. 
+
+| ![](../images/az9-b.png) |
+|----------------------------|
+
+The VM size selection will default to B2s, A2,or A2_V2 depending on region selection and availability. 
+**Generally B2s is least expensive** if available. Any of these options are acceptable for the lab environment.
+
+Feel free to modify the size of your VMs should you so choose. The default selections made for this course have been tested thoroughly and represent a balance of performance and cost.
+
+
+| ![](../images/prls2-4.jpg) |
+|----------------------------|
+
+The next step in your custom deployment is to confirm the public IP space. Feel free to limit this range more specifically to your known and trusted addresses. 
+
+**Please be aware that a demonstration will be provided and a discussion around this exposure and that leaving this address wide open (0.0.0.0/0) presents an interesting perspective of the Internet and the risks of exposing services there.**
+
+| ![](../images/prls2-5b.png) |
+|----------------------------|
+
+That is pretty much it for the configuration of your ARM template based deployment of the DO AZ lab environment. The next screenshot includes a warning about agreeing to the terms on Microsoft.
+
+| ![](../images/prls2-6.jpg) |
+|----------------------------|
+
+Whether you agree or not, should you choose to click Create, you implicitly do.
+
+| ![](../images/prls2-7.jpg) |
+|----------------------------|
+
+The full deployment will take approximately 45 minutes.  You do not need to keep the window open, the process will continue even if you close it.  In the following section, you will configure the new lab environment to report logs to Azure Sentinel.  You must wait for deployment to complete before continuing.
+</blockquote>
+</details>
+
+<Details><summary> <b>Step 2: Connect Log Sources</b></summary>
+<blockquote>
+
+
+In the previous step you deployed the DOAZLab environment into your Azure account. The full deployment takes approximately 45 minutes.  In the following section, you will configure the new lab environment to report logs to Azure Sentinel.  You must wait for deployment from the prior step to complete before continuing.
+
+From the main Azure Portal screen search "log analytics" and select "Log Analytics workspaces."  In the new pane, select the only available Log Analytics workspace.
+
+| ![](../images/azb-1.png) |
+|------------------------|
+
+Alternatively you may also find your Log Analytics workspace from the Azure Resources pane.  Note that your workspaces naming convention and will differ from the name shown in the screen below.
+
+| ![](../images/prls3-1.jpg) |
+|----------------------------|
+
+Click through to the Log Analytics workspace. Once there, scroll down and choose virtual machines under the "Workspace Data Sources" section. 
+
+| ![](../images/prls3-2.jpg) |
+|----------------------------|
+
+As shown below, your initial connection to the lab will require connecting each VM to the workspace.
+
+| ![](../images/prls3-3.jpg) |
+|----------------------------|
+
+Click on each virtual and complete the initial connection process. 
+
+| ![](../images/prls3-4.jpg) |
+|----------------------------|
+
+</blockquote>
+</details>
+
+<Details><summary> <b>Step 3: Gather Public IP Addresses for Access</b></summary>
+<blockquote>
+
+Gather your public IP addresses. 
+
+**https://portal.azure.com/#home --> Resource groups --> <DO_Lab_Resource_Group> --> Resources --> Filter --> "public"**
+
+| ![](../images/prls4-1.jpg) |
+|----------------------------|
+
+Click through each resource to gather the assigned public IP addresses.
+
+| ![](../images/prls4-2.jpg) |
+|----------------------------|
+
+As you gather them up, document them! The addresses in the list below do not represent your IP addresses.
+
+* DC Public IP: 13.67.200.257
+* Nux Public IP: 40.86.95.257
+* WS Public IP: 13.86.95.257
+
+
+</blockquote>
+</details>
+
+
+![div2]
+
+Copyright - All Rights Reserved, Defensive Origins LLC
+
+  [Div1]: ../images/div1.png
+  [Div2]: ../images/div2.png
+  [DO]: https://www.defensiveorigins.com
+  [DOAZLab]: https://www.doazlab.com
+  [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
+  [DOTraining]: https://training.defensiveorigins.com
+  [DORegister]: https://defensiveorigins.com/first-to-know/
+  [DOAboutUs]: https://defensiveorigins.com/about-us
+  [WWHF]: https://wildwesthackinfest.com/
+  [1]: https://defensiveorigins.com/
+  [2]: https://wildwesthackinfest.com/training/
+  [DOImage]:Z-images/do_darkbackground.jpg

labs/GitHub.md

@@ -0,0 +1,32 @@
+
+# ADD Pre-Requisite : GitHub Account
+
+Students can create a free GitHub account by going to https://github.com/signup and signing up for an account.  
+
+* Defensive Origins will share the course content with you on the GitHub platform by inviting the student to:
+  * A limited Organization
+  * A Private Team
+  * A Private repository.
+
+To receive the invitation to the organization, team, and repository, the student must have access to the email account that was used to generate the GitHub Account.
+
+![div2]
+
+Copyright - All Rights Reserved, Defensive Origins LLC
+
+
+
+  [Div1]: ../images/div1.png
+  [Div2]: ../images/div2.png
+  [DO]: https://www.defensiveorigins.com
+  [DOAZLab]: https://www.doazlab.com
+  [DOAZLab-Github]: https://github.com/DefensiveOrigins/DO-LAB
+  [DOTraining]: https://training.defensiveorigins.com
+  [DORegister]: https://defensiveorigins.com/first-to-know/
+  [DOAboutUs]: https://defensiveorigins.com/about-us
+  [WWHF]: https://wildwesthackinfest.com/
+  [1]: https://defensiveorigins.com/
+  [2]: https://wildwesthackinfest.com/training/
+  [DOImage]:Z-images/do_darkbackground.jpg
+ [Cheat-Sheets]:9-Others/Cheatsheets/
+ [Survey]:https://forms.office.com/Pages/ResponsePage.aspx?id=ezi0P6h7Wky98F15YOOzAxFXFOo3MeNFpviudN0SuLhUMDNCT1NYWk5QWjlHUkMyMVhJVjFJTjhQMy4u